View Issue Details

ID: 0000918
Project: Main CAcert Website
Category: certificate issuing
View Status: public
Last Update: 2014-03-07 12:34
Reporter: NEOatNHNG
Assigned To: NEOatNHNG
Priority: high
Severity: major
Reproducibility: have not tried
Status: closed
Resolution: fixed
Product Version: 2011 Q1
Fixed in Version: 2013 Q4
Summary: 0000918: Weak keys in certificates
Description: A vulnerability regarding weak keys used in certificates that we signed has been reported. Details will be published once this has been fixed.
Tags: No tags attached.
Reviewed by: NEOatNHNG, BenBE
Test Instructions:

Relationships

related to 0000964 closed VBscript, Weak Keys script 4.php, 17.php to combine / select box key size and lower limit to 2048 
related to 0000954 closed Ted script to bulk revoke weak keys 
related to 0000978 closed BenBE Invalid SPKAC requests are not properly validated 
related to 0001255 closed wytze DSA certificate issuing ignores key strength 

Activities

Uli60

2011-04-09 00:16

updater   ~0001912

The minimum key I can create client-side is with IE8 and the "Base Crypto Provider", of length RSA 1024.

RSA 1024 will be created and signed.

Uli60

2011-04-11 23:12

updater   ~0001914

Last edited: 2011-04-11 23:36

test1:
key generated with:
openssl req -new -subj "/CN=Test 1024/emailAddress=webmaster@mydomain.de" -newkey rsa:512 -keyout test2.mydomain.de.key -nodes -out test2.mydomain.de.csr

add server cert
paste csr
result:
The keys that you use are very small and therefore insecure. Please generate stronger keys. More information about this issue can be found in the wiki
"the wiki" link points to: https://wiki.cacert.org/WeakKeys#SmallKey
link works
test1 ok

test2:
key generated with:
openssl genrsa -aes256 -out test4.mydomain.de.key -3 1024

add server cert
paste csr
result:
The keys you use might be insecure. Although there is currently no known attack for reasonable encryption schemes, we're being cautious and don't allow certificates for such keys. Please generate stronger keys. More information about this issue can be found in the wiki
"the wiki" link points to: https://wiki.cacert.org/WeakKeys#SmallExponent
link works
test2 ok

test3:
key generated with:
openssl genrsa -aes256 -out test5.mydomain.de.key -f4 1024

add server cert
paste csr
result:
Please make sure the following details are correct before proceeding any further.
CommonName: test5.mydomain.de
test3 ok

Uli60

2011-04-21 17:57

updater   ~0001938

notification to testers sent

NEOatNHNG

2011-04-26 22:40

administrator   ~0001946

Reminder sent to: hanno, Ted

Ted has reviewed the fixes to disallow new weak certificates. Now we need more testers.

Uli60

2011-06-14 19:50

updater   ~0002034

1. testserver test w/o patch
 * generate 512 bit keys test
  1. openssl genrsa -out <your-server-name-domain.tld>.key 512
  2. openssl req -new -key <your-server-name-domain.tld>.key -out <your-server-name-domain.tld>.csr
  3. copy + paste to signing request
   a. for class1
   b. for class3
  4. copy + paste signed pub key <your-server-name-domain.tld>-pub.key
  5. test new pub key:
     command: openssl x509 -text -in <your-server-name-domain.tld>-pub.key -noout

Uli60

2011-06-14 19:52

updater   ~0002035

test result from note 2034
class1 result:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4167 (0x1047)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=AU, ST=New South Wales, O=CAcert Testserver, OU=http://cacert1.it-sls.de, CN=CAcert Testserver Root
        Validity
            Not Before: Jun 14 19:23:15 2011 GMT
            Not After : Jun 13 19:23:15 2013 GMT
        Subject: CN=myserver.mydomain.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (512 bit)
                Modulus (512 bit):
                    ...
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, TLS Web Server Authentication, Netscape Server Gated Crypto, Microsoft Server Gated Crypto
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
            Authority Information Access:
                OCSP - URI:http://ocsp.cacert.org/

            X509v3 Subject Alternative Name:
                DNS:myserver.mydomain.net, othername:<unsupported>
    Signature Algorithm: sha1WithRSAEncryption
        ....

class3 result:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4150 (0x1036)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: O=CAcert Testsever, OU=http://cacert1.it-sls.de, CN=CAcert Testserver Class 3
        Validity
            Not Before: Jun 14 19:34:12 2011 GMT
            Not After : Jun 13 19:34:12 2013 GMT
        Subject: CN=myserver.mydomain.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (512 bit)
                Modulus (512 bit):
                  ...
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            ...

            X509v3 Subject Alternative Name:
                DNS:myserver.mydomain.net, othername:<unsupported>
    Signature Algorithm: sha1WithRSAEncryption
        ....

Uli60

2011-06-14 20:17

updater   ~0002036

test 2, similar to http://bugs.cacert.org/view.php?id=918#c2034
with Exponent 3

1. openssl genrsa -aes256 -out <your-server-name-domain.tld>.key -3 1024
2. openssl req -new -key <your-server-name-domain.tld>.key -out <your-server-name-domain.tld>.csr
3. copy + paste to signing request
   a. for class1
   b. for class3
4. copy + paste signed pub key <your-server-name-domain.tld>-pub.key
5. test new pub key:
     command: openssl x509 -text -in <your-server-name-domain.tld>-pub.key -noout

Uli60

2011-06-14 20:26

updater   ~0002037

test result from note 2036

class1 result:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4168 (0x1048)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=AU, ST=New South Wales, O=CAcert Testserver, OU=http://cacert1.it-sls.de, CN=CAcert Testserver Root
        Validity
            Not Before: Jun 14 20:10:23 2011 GMT
            Not After : Jun 13 20:10:23 2013 GMT
        Subject: CN=myserver.mydomain.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    ...
                Exponent: 3 (0x3)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, TLS Web Server Authentication, Netscape Server Gated Crypto, Microsoft Server Gated Crypto
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
            Authority Information Access:
                OCSP - URI:http://ocsp.cacert.org/

            X509v3 Subject Alternative Name:
                DNS:myserver.mydomain, othername:<unsupported>
    Signature Algorithm: sha1WithRSAEncryption
        ...


class3 result:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4151 (0x1037)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: O=CAcert Testsever, OU=http://cacert1.it-sls.de, CN=CAcert Testserver Class 3
        Validity
            Not Before: Jun 14 20:23:23 2011 GMT
            Not After : Jun 13 20:23:23 2013 GMT
        Subject: CN=myserver.mydomain.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    ...
                Exponent: 3 (0x3)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, TLS Web Server Authentication, Netscape Server Gated Crypto, Microsoft Server Gated Crypto
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
            Authority Information Access:
                OCSP - URI:http://ocsp.cacert.org/

            X509v3 Subject Alternative Name:
                DNS:myserver.mydomain, othername:<unsupported>
    Signature Algorithm: sha1WithRSAEncryption
        ...
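An added defender-side check, not CAcert's code: this Python reads the modulus size and public exponent out of an RSA SubjectPublicKeyInfo (DER, or a PEM "PUBLIC KEY" block such as `openssl rsa -pubout` writes) and applies the two rejection reasons exercised in the 512-bit and exponent-3 tests above. The 2048-bit floor is the limit this ticket ended with; treating every exponent below 65537 as small is an assumption, since the ticket only shows e=3 rejected and e=65537 accepted, and the sample moduli are constructed to have the right bit length rather than being real RSA keys.

```python
import base64
import re

# DER-encoded rsaEncryption OID (1.2.840.113549.1.1.1), tag and length included
RSA_OID = bytes.fromhex("06092a864886f70d010101")
MIN_MODULUS_BITS = 2048  # lower limit the ticket settled on in 2013
MIN_EXPONENT = 65537     # assumption: the ticket only shows e=3 rejected, e=65537 accepted

def _read_tlv(buf, pos):
    """Decode one DER tag/length/value starting at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length

def _der(tag, body):
    """Encode body under tag with a short- or long-form DER length."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def _der_int(v):
    b = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    return _der(0x02, (b"\x00" if b[0] & 0x80 else b"") + b)  # keep INTEGER positive

def rsa_spki_der(n, e):
    """Build a SubjectPublicKeyInfo for RSA (n, e); used here to construct samples."""
    rsa_key = _der(0x30, _der_int(n) + _der_int(e))
    alg_id = _der(0x30, RSA_OID + b"\x05\x00")  # AlgorithmIdentifier with NULL params
    return _der(0x30, alg_id + _der(0x03, b"\x00" + rsa_key))  # BIT STRING, 0 unused bits

def rsa_params(spki):
    """Return (modulus_bits, exponent) from a DER or PEM 'PUBLIC KEY' SubjectPublicKeyInfo."""
    if spki.startswith(b"-----"):
        spki = base64.b64decode(re.sub(rb"-----[^-]+-----|\s", b"", spki))
    tag, outer, _ = _read_tlv(spki, 0)
    tag, alg_id, pos = _read_tlv(outer, 0)
    if tag != 0x30 or not alg_id.startswith(RSA_OID):
        raise ValueError("not an rsaEncryption SubjectPublicKeyInfo")
    _, bitstr, _ = _read_tlv(outer, pos)
    _, rsa_key, _ = _read_tlv(bitstr[1:], 0)  # skip the unused-bits byte
    _, n_bytes, pos = _read_tlv(rsa_key, 0)
    _, e_bytes, _ = _read_tlv(rsa_key, pos)
    return int.from_bytes(n_bytes, "big").bit_length(), int.from_bytes(e_bytes, "big")

def weak_key_reason(spki):
    """None if the key passes; otherwise the wiki anchor CAcert's error message links to."""
    bits, e = rsa_params(spki)
    if bits < MIN_MODULUS_BITS:
        return "SmallKey"
    if e < MIN_EXPONENT:
        return "SmallExponent"
    return None

# Constructed sample moduli: correct bit length for the check, not real RSA products of primes.
SAMPLE_512 = rsa_spki_der((1 << 511) | 1, 65537)  # rejected: SmallKey
SAMPLE_E3 = rsa_spki_der((1 << 2047) | 1, 3)      # rejected: SmallExponent
```

To check a real key, export its public half with `openssl rsa -in server.key -pubout` and pass the PEM bytes to weak_key_reason; the parser reads a bare SubjectPublicKeyInfo, not a whole CSR.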

Uli60

2011-06-14 22:20

updater   ~0002038

Last edited: 2011-06-14 22:32

testkey, 512, class1
Now renewing the following certificates:
Processing request 301973:
The keys that you use are very small and therefore insecure. Please generate stronger keys. More information about this issue can be found in the wiki
https://wiki.cacert.org/WeakKeys#SmallKey
Valid myserver.mydomain Not Revoked 2013-06-13 20:10:23
=> not renewed
=> OK

testkey, Exponent 3, class1
Now renewing the following certificates:
Processing request 301975:
The keys you use might be insecure. Although there is currently no known attack for reasonable encryption schemes, we're being cautious and don't allow certificates for such keys. Please generate stronger keys. More information about this issue can be found in the wiki
https://wiki.cacert.org/WeakKeys#SmallExponent
Valid myserver.mydomain Not Revoked 2013-06-13 20:10:23
=> not renewed
=> OK

The key link returns the identical key that was downloaded before the renewal request, so the renewal request didn't go through.

NEOatNHNG

2011-06-14 22:23

administrator   ~0002039

Created 512-bit and exponent 3 RSA keys and requested one client and one server certificate for each (with disabled patch).

Renewing produces the expected results (with enabled patch). That means they couldn't be renewed and the error message corresponds to the weakness in the cert.

law

2011-06-14 22:37

administrator   ~0002040

Seems to work as expected. No certs are signed / renewed.

Tested (server certs):
 * rnw 512 bit (class1)
 * rnw exp 3 (class1)
 * new 512 bit (class1)
 * new 512 bit (class3)
 * new exp 3 (class1)
 * new exp 3 (class3)

After trying to renew, the cert downloaded afterwards is identical to the one before renewal. No renewal took place.

MartinGummi

2011-06-14 22:43

updater   ~0002041

I use a number-only TLD like 1234.tld

testkey, 512, class3

Now renewing the following certificates:
Processing request 301982:
The keys that you use are very small and therefore insecure. Please generate stronger keys. More information about this issue can be found in the wiki https://wiki.cacert.org/WeakKeys#SmallKey
Valid 4321.tld Not Revoked 2013-06-13 21:50:57
=> not renewed
=> OK

testkey, Exponent 3, class3
Now renewing the following certificates:
Processing request 301984:
The keys you use might be insecure. Although there is currently no known attack for reasonable encryption schemes, we're being cautious and don't allow certificates for such keys. Please generate stronger keys. More information about this issue can be found in the wiki https://wiki.cacert.org/WeakKeys#SmallExponent
Valid 4321.tld Not Revoked 2013-06-13 22:02:00
=> not renewed
=> OK

law

2011-06-14 23:49

administrator   ~0002042

Also successfully tested the patch for organisation certificates (class1 + 3 / new + renew / 512 bit + exp 3)

And also tested client certs with a selection of the different options by submitting a csr.

NEOatNHNG

2011-06-15 00:04

administrator   ~0002043

I guess testing is now finished. Email sent to critical team

wytze

2011-06-16 09:25

developer   ~0002047

Fix applied to production server on June 16, 2011. See also https://lists.cacert.org/wws/arc/cacert-systemlog/2011-06/msg00007.html

hanno

2013-01-15 19:01

reporter   ~0003660

This is still not completely fixed. It's still possible to create new certificates with insecure key lengths like 1024.
When I reported this back then I was told that this would stay for some intermediate time because of some compatibility issues yet to be resolved. However, I think it's time that keys < 2048 bits should finally be forbidden. It's only a matter of time until they'll be broken.

NEOatNHNG

2013-03-13 21:23

administrator   ~0003821

The compatibility issue was finally resolved a few weeks ago. I think we can now disable issuing new 1024 bit keys.

NEOatNHNG

2013-03-19 19:29

administrator   ~0003827

I have raised the limit for the key size on the test server. Please test and review.

INOPIAE

2013-03-26 23:23

updater   ~0003852

Last edited: 2013-03-26 23:31

IE:
Client Certificate medium is 2048 bits
Client Certificate custom shows text:
Please note that RSA key sizes smaller than 2048 bit will not be accepted by CAcert.
=>ok
Firefox:
Client Certificate medium throws error message:
The keys that you use are very small and therefore insecure. Please generate stronger keys. More information about this issue can be found in the wiki.
=>ok

Uli60

2013-04-16 21:43

updater   ~0003896

Firefox:
Client Certificate medium throws error message:
The keys that you use are very small and therefore insecure. Please generate stronger keys. More information about this issue can be found in the wiki.
=>ok

Key size high: passes the process and results in a page with 3 links:
 * Install the certificate into your browser
 * Install PEM
 * Install DER
and an ASCII block for copy & paste
-> key installed
cert 11:C2 class1 created, found in FF keystore
=> ok

wytze

2013-10-16 11:00

developer   ~0004397

The fix has been installed on the production server on October 16, 2013. See also:
https://lists.cacert.org/wws/arc/cacert-systemlog/2013-10/msg00006.html

Issue History

Date Modified Username Field Change
2011-03-21 19:54 NEOatNHNG New Issue
2011-03-21 19:54 NEOatNHNG Status new => needs work
2011-03-21 19:54 NEOatNHNG Assigned To => NEOatNHNG
2011-04-09 00:16 Uli60 Note Added: 0001912
2011-04-11 23:12 Uli60 Note Added: 0001914
2011-04-11 23:36 Uli60 Note Edited: 0001914
2011-04-21 17:57 Uli60 Note Added: 0001938
2011-04-26 22:40 NEOatNHNG Note Added: 0001946
2011-04-26 22:41 NEOatNHNG Status needs work => needs feedback
2011-05-04 21:36 NEOatNHNG View Status private => public
2011-06-14 01:25 NEOatNHNG Status needs feedback => needs review & testing
2011-06-14 01:33 NEOatNHNG Status needs review & testing => needs testing
2011-06-14 19:50 Uli60 Note Added: 0002034
2011-06-14 19:52 Uli60 Note Added: 0002035
2011-06-14 20:17 Uli60 Note Added: 0002036
2011-06-14 20:26 Uli60 Note Added: 0002037
2011-06-14 22:20 Uli60 Note Added: 0002038
2011-06-14 22:23 NEOatNHNG Note Added: 0002039
2011-06-14 22:32 Uli60 Note Edited: 0002038
2011-06-14 22:37 law Note Added: 0002040
2011-06-14 22:43 MartinGummi Note Added: 0002041
2011-06-14 23:49 law Note Added: 0002042
2011-06-15 00:04 NEOatNHNG Note Added: 0002043
2011-06-15 00:04 NEOatNHNG Status needs testing => ready to deploy
2011-06-16 09:25 wytze Note Added: 0002047
2011-06-16 09:25 wytze Status ready to deploy => closed
2011-06-16 09:25 wytze Resolution open => fixed
2011-06-19 16:46 NEOatNHNG Source_changeset_attached => cacert-devel release 5adba778
2011-06-19 16:46 NEOatNHNG Source_changeset_attached => cacert-devel release d1983451
2011-06-19 16:53 NEOatNHNG Source_changeset_attached => cacert-devel master 15bfb273
2011-06-19 16:53 NEOatNHNG Source_changeset_attached => cacert-devel master 62e7147c
2011-06-19 16:53 NEOatNHNG Source_changeset_attached => cacert-devel master ef28052c
2011-06-19 16:53 NEOatNHNG Source_changeset_attached => cacert-devel master 12082b51
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel release 5adba778
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel release a4ca549c
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel release d1983451
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel release cd9e6e79
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel release 803eaaf7
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel release 384b57dc
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel release 2faeb003
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel release b23ac549
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel release e2cad28b
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel release f6ba93d4
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel release a706b59b
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel release 7a296469
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel release 94391e3f
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel release 3cdf9f38
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel master 15bfb273
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel master 62e7147c
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel master ef28052c
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel master 12082b51
2011-06-28 09:52 Uli60 Relationship added related to 0000954
2011-10-21 19:25 NEOatNHNG Relationship added related to 0000978
2011-10-21 20:05 NEOatNHNG Source_changeset_attached => cacert-devel testserver 82c2ea4c
2013-01-15 15:29 Werner Dworak Fixed in Version => 2011 Q2
2013-01-15 19:01 hanno Note Added: 0003660
2013-01-15 19:01 hanno Status closed => needs feedback
2013-01-15 19:01 hanno Resolution fixed => reopened
2013-03-13 21:23 NEOatNHNG Note Added: 0003821
2013-03-13 21:23 NEOatNHNG Status needs feedback => needs work
2013-03-13 21:23 NEOatNHNG Relationship added related to 0000964
2013-03-19 19:29 NEOatNHNG Reviewed by => NEOatNHNG
2013-03-19 19:29 NEOatNHNG Note Added: 0003827
2013-03-19 19:29 NEOatNHNG Status needs work => needs review & testing
2013-03-19 19:30 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 7c25e77b
2013-03-19 19:30 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable f5364271
2013-03-26 11:54 BenBE Product Version => 2011 Q1
2013-03-26 23:23 INOPIAE Note Added: 0003852
2013-03-26 23:25 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 1457c238
2013-03-26 23:25 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable c1903027
2013-03-26 23:31 INOPIAE Note Edited: 0003852
2013-03-29 11:42 BenBE Reviewed by NEOatNHNG => NEOatNHNG, BenBE
2013-03-29 11:42 BenBE Status needs review & testing => needs testing
2013-04-16 21:43 Uli60 Note Added: 0003896
2013-09-10 23:40 NEOatNHNG Status needs testing => ready to deploy
2013-10-15 21:20 BenBE Source_changeset_attached => cacert-devel release 8947e9be
2013-10-16 11:00 wytze Note Added: 0004397
2013-10-16 11:00 wytze Status ready to deploy => solved?
2013-10-16 11:00 wytze Fixed in Version 2011 Q2 => 2013 Q4
2013-10-16 11:00 wytze Resolution reopened => fixed
2013-11-06 15:41 NEOatNHNG Status solved? => closed
2014-03-07 12:34 INOPIAE Relationship added related to 0001255